package com.coai.user.controller

import com.coai.common.dto.ApiResponse
import com.coai.user.model.Permission
import com.coai.user.model.Role
import com.coai.user.model.RoleType
import com.coai.user.service.PermissionService
import org.springframework.security.core.annotation.AuthenticationPrincipal
import org.springframework.web.bind.annotation.*

@RestController
@RequestMapping("/api/permissions")
class PermissionController(
    private val permissionService: PermissionService
) {
    
    /**
     * 创建角色
     */
    @PostMapping("/roles")
    fun createRole(
        @RequestBody request: CreateRoleRequest,
        @AuthenticationPrincipal userId: String
    ): ApiResponse<Role> {
        val role = permissionService.createRole(
            name = request.name,
            code = request.code,
            type = request.type,
            description = request.description
        )
        return ApiResponse.success(role, "角色创建成功")
    }
    
    /**
     * 分配角色给用户
     */
    @PostMapping("/users/{userId}/roles")
    fun assignRole(
        @PathVariable userId: String,
        @RequestBody request: AssignRoleRequest,
        @AuthenticationPrincipal currentUserId: String
    ): ApiResponse<Unit> {
        permissionService.assignRoleToUser(userId, request.roleId)
        return ApiResponse.success(message = "角色分配成功")
    }
    
    /**
     * 移除用户角色
     */
    @DeleteMapping("/users/{userId}/roles/{roleId}")
    fun removeRole(
        @PathVariable userId: String,
        @PathVariable roleId: String,
        @AuthenticationPrincipal currentUserId: String
    ): ApiResponse<Unit> {
        permissionService.removeRoleFromUser(userId, roleId)
        return ApiResponse.success(message = "角色移除成功")
    }
    
    /**
     * 创建权限
     */
    @PostMapping
    fun createPermission(
        @RequestBody request: CreatePermissionRequest,
        @AuthenticationPrincipal userId: String
    ): ApiResponse<Permission> {
        val permission = permissionService.createPermission(
            name = request.name,
            code = request.code,
            resource = request.resource,
            action = request.action,
            description = request.description
        )
        return ApiResponse.success(permission, "权限创建成功")
    }
    
    /**
     * 分配权限给角色
     */
    @PostMapping("/roles/{roleId}/permissions")
    fun assignPermission(
        @PathVariable roleId: String,
        @RequestBody request: AssignPermissionRequest,
        @AuthenticationPrincipal userId: String
    ): ApiResponse<Unit> {
        permissionService.assignPermissionToRole(roleId, request.permissionId)
        return ApiResponse.success(message = "权限分配成功")
    }
    
    /**
     * 获取用户权限
     */
    @GetMapping("/users/{userId}")
    fun getUserPermissions(
        @PathVariable userId: String
    ): ApiResponse<List<Permission>> {
        val permissions = permissionService.getUserPermissions(userId)
        return ApiResponse.success(permissions)
    }
    
    /**
     * 检查用户权限
     */
    @GetMapping("/users/{userId}/check")
    fun checkPermission(
        @PathVariable userId: String,
        @RequestParam resource: String,
        @RequestParam action: String
    ): ApiResponse<Boolean> {
        val hasPermission = permissionService.hasPermission(userId, resource, action)
        return ApiResponse.success(hasPermission)
    }
    
    /**
     * 获取用户角色
     */
    @GetMapping("/users/{userId}/roles")
    fun getUserRoles(
        @PathVariable userId: String
    ): ApiResponse<List<Role>> {
        val roles = permissionService.getUserRoles(userId)
        return ApiResponse.success(roles)
    }
    
    /**
     * 初始化系统权限
     */
    @PostMapping("/initialize")
    fun initializePermissions(
        @AuthenticationPrincipal userId: String
    ): ApiResponse<Unit> {
        permissionService.initializeSystemPermissions()
        return ApiResponse.success(message = "系统权限初始化完成")
    }
}

data class CreateRoleRequest(
    val name: String,
    val code: String,
    val type: RoleType = RoleType.CUSTOM,
    val description: String?
)

data class AssignRoleRequest(
    val roleId: String
)

data class CreatePermissionRequest(
    val name: String,
    val code: String,
    val resource: String,
    val action: String,
    val description: String?
)

data class AssignPermissionRequest(
    val permissionId: String
)
